package com.zhengbing.tj.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * Spring Security安全配置
 *
 * @author zhengbing
 * @date 2025-07-07
 */
@Configuration
public class SecurityConfig {
    @Autowired
    private TokenFilter tokenFilter;

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .cors() // 启用CORS
            .and()
            .authorizeRequests()
            .antMatchers(
                "/api/users/login",
                "/api/users/register",
                "/api/users/refresh-token",
                "/doc.html",
                "/swagger-resources/**",
                "/webjars/**",
                "/v2/api-docs",
                "/v3/api-docs",
                "/swagger-ui.html",
                "/swagger-ui/**",
                "/favicon.ico"
            ).permitAll()
            .anyRequest().authenticated()
            .and()
            .addFilterBefore(tokenFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
} 